Skip to main content

๐Ÿ” Configuration

This guide explains how to properly structure authentication parameters, cryptographic signing credentials, and operational pooling layers using the type-safe ZTeraDBConfig engine interface.

๐Ÿ›ก๏ธ The Three-Key Authentication Protocolโ€‹

To protect high-throughput binary frames passing over low-overhead socket connections, ZTeraDB utilizes a decoupled signature verification matrix that inherently prevents network replay attacks.

๐Ÿ”’ Cryptographic Replay-Protection Pipelineโ€‹

Your accessKey and secretKey is never exposed to the network. Instead, every time a query is evaluated through the connection layer, the driver automatically handles a local HMAC-SHA256 signature sequence:

  1. Message Synthesis: The driver links your readable access_key, a cryptographically secure random nonce (number used once), and a current Unix timestamp.

  2. Signature Calculation: The local runtime hashes that message using your hidden secret_key as the HMAC cryptographic key.

  3. Payload Packaging: The calculated signature, nonce, and timestamp are packed directly into the binary frame header. The server replicates this exact math using its vault copy of your secret key to guarantee the payload has not been modified or replayed.

    โš ๏ธ System Time Dependency: Because signatures use timestamps, your application server's clock must be highly accurate. If your clock drifts by more than 5 minutes, the server will automatically reject transactions.

๐Ÿงฉ Complete Structure Overviewโ€‹

Here is the entire configuration matrix with its nested schemas. The factory naturally accepts standard JavaScript objects:

import { ZTeraDBConfig } from '@zteradb/client'; // Or using commonJS: const { ZTeraDBQuery } = require('@zteradb/client');

const config = ZTeraDBConfig({
  clientKey: 'string',
  accessKey: 'string',
  secretKey: 'string',
  databaseID: 'string',
  env: 'dev' | 'staging' | 'qa' | 'prod', // Accessible via ENVS constant properties
  responseDataType: 'json',
  use_tls: true | false,
  verify_tls_host: true | false,
  options: {
    connectionPool: {
      min: 0,
      max: 1
    }
  }
});

โš™๏ธ Advanced Properties Referenceโ€‹

1. Authentication & Core Identityโ€‹

ParameterTypeExposureOperational Responsibility
client_keystringPublicRequired. Your unique ZTeraDB user account identity string. Found in your Dashboard -> User Profile โ†’ Security Credentials.
access_keystringPrivateRequired. Never transmit over the wire. A token used locally by the Node.js runtime, combined with a nonce and timestamp, to generate or verify an HMAC payload
secret_keystringSecretRequired. Never transmit over the wire. Used locally by the Node.js runtime to execute an HMAC integrity checksum on raw payloads.
database_idstringPrivateRequired. The static unique string pointing to your isolated target database cluster instance.

๐Ÿ”’ Security Best Practice: Never hardcode your access_key and secret_key into your codebase or commit configurations to version control. Always extract parameters dynamically at runtime using secure environment variables.

2. Environment & Serializationโ€‹

The env and response_data_type settings route your application's connection layer to the correct backend infrastructure cluster and dictate how data is unpacked in memory.

  • env (Allowed Values: ENVS::DEV | ENVS::STAGING | ENVS::QA | ENVS::PROD)
    Specifies the target environment block for the database driver. The configuration engine catches loose string inputs coming from system environments (e.g., "PROD", "STAGING") and automatically coaxes them into safe, lowercase matches.

    • Fallback: process.env.ZTERADB_ENV (Defaults cleanly to ENVS::DEV if completely absent).

  • response_data_type (Allowed Values: ResponseDataTypes::JSON)
    Informs the lower transport framing engine how to parse and deserialize incoming un-prefixed buffer stream payloads into runtime memory structures. Currently, the client defaults exclusively to type-safe JSON object serialization via class constants.

3. Transport Layer Security (TLS)โ€‹

ParameterTypeDefaultDescription
use_tlsboolfalseUpgrades the raw TCP transport stream to an encrypted TLS socket connection.
Fallback: process.env.USE_TLS
verify_tls_hostbooltrueWhen TLS is enabled, this checks that the server's certificate matches the target hostname. Toggle to false only during development if testing with self-signed local certificates.
Fallback: process.env.VERIFY_TLS_HOST

4. Performance Tuning (options.connectionPool)โ€‹

For traffic-heavy apps, pass an Options object holding a ConnectionPool config to configure socket reuse rules.

options: {
  connectionPool: {
    min: 2,
    max: 10
  }
}
FieldMeaning
minMinimum persistent connections ZTeraDB keeps open
maxMaximum number of allowed connections
  • Note: If this configuration is omitted, ZTeraDB automatically provisions and scales connections dynamically based on traffic spikes.

๐Ÿงช Comprehensive Implementation Exampleโ€‹

If your operating platform exposes variables using matching system keys, the engine can build and validate configurations implicitly without passing hardcoded parameters:

import { ZTeraDBConfig, ENVS, ResponseDataTypes } from "@zteradb/client"; // Or using commonJS: const { ZTeraDBQuery } = require('@zteradb/client');

const config = ZTeraDBConfig({
  // Direct explicit passing (or handled automatically via process.env fallback)
  clientKey: process.env.ZTERADB_CLIENT_KEY,
  accessKey: process.env.ZTERADB_ACCESS_KEY,
  secretKey: process.env.ZTERADB_SECRET_KEY,
  databaseID: process.env.ZTERADB_DATABASE_ID,
  
  // Core Engine Handlers
  env: ENVS.PROD,
  responseDataType: ResponseDataTypes.JSON,
  
  // Socket Encryption Layers
  use_tls: true,
  verify_tls_host: true,
  
  // Custom Resource Allocation Limits
  options: {
    connectionPool: {
      min: 5,
      max: 25
    }
  }
});

// The final configuration payload is structured and permanently frozen 
export default config;

โš ๏ธ Common Anti-Patterns to Avoidโ€‹

  • โŒ Hardcoding and Committing Secrets: Writing sensitive credentials directly into script configurations or accidentally pushing them to version control repositories (e.g., GitHub).

    • Fix: Inject keys dynamically via system environment variables. The initialization pipeline automatically resolves missing parameters using secure process.env cascading fallbacks at runtime.

  • โŒ Attempting Runtime Configuration Mutations: Trying to alter, append, or delete properties on the generated configuration object within downstream application middleware steps.

    • Fix: Treat the returned payload as strictly immutable. The factory engine enforces runtime state integrity by deeply executing Object.freeze() across three critical layer boundaries (finalConfig, options, and connectionPool).

  • โŒ Improper Connection Pool Boundaries: Supplying invalid numeric relationships for resource allocation, such as setting the minimum connection threshold higher than the maximum limit (min > max).

    • Fix: Ensure logical boundary constraints are met. The parsing sub-module uses strict base-10 radix verification and aggregates discrepancies into a central validation array, triggering a runtime exception if boundaries are breached.

  • โŒ Passing Arbitrary or Un-Validated Environment Strings: Typing raw, arbitrary string words (like "production", "local", or "testing") directly into the configuration block.

    • Fix: Supply one of the whitelisted deployment targets: "DEV", "STAGING", "QA", or "PROD". For maximum type-safety and consistency, utilize the exported ENVS constant mapping flags (e.g., ENVS.PROD). The engine safely normalizes inputs internally.

  • โŒ Running Plaintext Connections in Production Environments: Omitting the transport security flag or allowing it to fallback to false in live enterprise pipelines.

    • Fix: Explicitly toggle use_tls: true inside production environments to upgrade the transport stream to an encrypted socket connection and pass regulatory compliance constraints.

๐ŸŽ‰ You are ready to create a connection!

Continue to:
๐Ÿ‘‰ zteradb-connection.md